Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

COMPREHENSIVE AND TECHNICAL RISK ANALYSIS

Verified

Added on 2023/04/26

AI Summary

In this document we will discuss about comprehensive and technical risk analysis and below are the summary points of this document:- The technical risk assessment procedure for a small-scale IT company that has implemented a technological environment and needs to conduct a technical risk analysis. The risk assessment would be based on assets, vulnerabilities, threats, and consequences derived from the IT control framework. The industry risk recommendations and the process to mitigate the threats would also be specified along with the impact of the mitigation process on the organization. The document also provides an overview of the organization, including its infrastructure and the problems handled by various departments. The organization stores its codes and documentation in specific servers that are publicly accessible via the Internet, and there is a lack of a full-time administrator, so temporary staff manages the servers. The key threats in the operations of the organization are identified, including lack of maintenance of the hardware and software, utilization of services to present to customers, compromising of host, and no firewall security system or email/virus protection.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Comprehensive and Technical Risk Analysis
Name of the Student
Name of the University
Author Note

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Executive Summary
Before implementing a technological system it is necessary that an organization go through
risk analysis process to find out if there have been any impending threats in the system or the
operational processes of the organization. This one's for the make sure that proper decision is
taken against those risks based on their priority and proper responsible people are appointed
to mitigate those risks. In the same way in this key is also the small scale software company
is analyzed for finding out any threats impending within the operations of the organization
about the risks in information technology for the organization. This would be done in several
processes by finding out the rationale for the risk assessment process and identification and
discussion of the key threats. Furthermore the mitigation of the key threads would be
identified followed by the impact on the organization and the stakeholders associated with it.

2COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Table of Contents
Introduction................................................................................................................................3
Background of the organization and its systems and operations...........................................3
Goals and various key terms used in risk management and assessment of IT risk in
business terms........................................................................................................................4
Identification and discussion of the key threats.....................................................................4
Approaches for mitigating security risk and impact of the mitigation processes on the
organization............................................................................................................................6
Rationale for further analysis.................................................................................................8
Conclusion..................................................................................................................................8
References..................................................................................................................................9

3COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Introduction
A technical risk assessment procedure follows a Framework for every organization to
handle a wide range of complex process and project to make sure that the risk arising in all
the projects are assessed and handled feasibly. In this case, a small scale IT Company has
implemented a technological environment and needs to conduct a technical risk analysis for
which they have hired a consultant. A management report needs to be constructed in this
regard to understand a clear statement of the technology project that is to be assessed and the
overview of the recommendation to the management for which the merit of the project is
based on for the risk assessment procedure. The entire risk assessment would be based on
assets, vulnerabilities, threats and consequences that would be derived from the IT control
framework. Along with that, the industry risk recommendations would also be specified for
the project along with the key threats and the process to mitigate the threats. The impact that
this mitigation process would have on the organization would also be described along with a
brief summary of the protection mechanism that would be employed within the organization
based on the people, culture and technology. In the end any further analysis of gaps and the
reason they would be done will also be explained in the risk assessment report.
Background of the organization and its systems and operations
The organization on which the risk assessment is to be completed is basically a small
scale software organization. This organization mostly deals with the working on innovative
software which plans to sell or provide services to the customers in near future. The
organization stores its codes and documentation in specific servers that can be accessible via
Internet. All the documentation and codes that are stored on servers are also public in nature.
Even though the organization is a small scale software company, they have a considerable
investment in this data corporation which is mainly developed for corporate purposes.
Needless to say, the integrity and confidentiality of the data is thus extremely important.
There is a number of staff in this organization that is responsible for the management of the
server infrastructure although there are many people across the organization that has the idea
of the administrative passwords. This is done only because there is a lack of a full-time
administrator in the business right at this point of time and this is why people have the
knowledge about the administration password to make sure that anybody can work as a part-

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

4COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
time administrator when needed. The administration of the service and systems are the key
role of the several developers but they have limited skill based on the administration services
for the organization. write at this point of time the employees in the organization is enjoying
a free and unrestricted access to the internet but realistically they only need to browse certain
websites on the Internet and therefore the management is keen on implementing a system that
would minimize the cost of accessing the web resources.
Goals and various key terms used in risk management and assessment of IT risk
in business terms
Every business can face more or less threads while conducting the business processes.
Therefore it should be implemented within the business process that a proper risk
management is held in strategic management system to identify an address all the risk that the
business is currently facing so that the likelihood of achieving business objectives in the most
feasible way is achieved. Otherwise there are many ways in which these risks can destroy the
operations of a business. there is management process normally involves a methodological
identifying of the risk that might surround the business activities, the assessing of the priority
and likelihood of the risk that might be occurring and its impact on the business events, the
understanding of mitigating the risks and responding to the events, putting particular systems
in place for dealing with the consequences and monitoring the effectiveness for the disk
management approaches and controls.
In this way it would be easier to process the risk management procedure, which also
has a number of ways by which a business decision making, prioritization and planning is
improved along with the allocation of capital and resources in a more efficiently.
There are several types of IT related risks that a business can face. It can either be
strategic, compliance, financial or operational. On the other hand the risks can also be
environmental, employee risk, political and economical as well as health and safety related.
However since this organization is a small scale software organization, mostly it is assume
that the risks that might occur in this particular case might be the operational systems and
information technology systems.

5COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Identification and discussion of the key threats
According to the information about the organization, it is found that the organization
is trying to work on innovative software system and has a plan to sell them to the customers
in near future. For this the organization is storing its documentation and codes in server
systems and temporary staff or managing those codes and documentation which are publicly
accessible via Internet. There are other problems as well within the organization which are
handled by the following departments in the organization:
 Research and Development handled by 56 people
 Management handled by 4 people
 Human Resources & Legal department handled by 5 people
 Finance handled by a total of 3 people
The organization also uses service to perform its core business including the
infrastructure of the organization. The infrastructure of the organization can be described in
details. The organization uses a number of servers to perform its core business. The servers
are not very busy. In total there are six servers. These servers include a CIFS (Windows File
Sharing) Server (running on a Windows NT server), Windows Active Directory Server
(running on a Windows NT server), Apache Web Server (running on Mac OS X machine),
Development Server (typically accessed using telnet and ftp) (running on Linux), Exchange
Server (running on a Windows NT Server) and Oracle Server (running on a Solaris – Sun
machine). Each of these servers is independent machines with vanilla installs of the operating
system. The servers are not running the latest operating systems nor have they been patched.
These machines have publicly accessible addresses and hence can be access from the
Internet.
The servers are commodity x86 boxes or servers that have been acquired through
various means i.e. the Sparc Station was purchased from Ebay by some employee’s who
wanted to learn Solaris and the Mac, well it was purchased because there is a Mac head in the
organization who really loves Mac’s.
There is no maintenance on either the hardware or software. Some of the servers are
over five years old e.g. the Sparc Station.

6COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
According to the discussion about the organization, the following can be identified as
the key threats in the operations of the organization:
 the infrastructure of the organization lacks in maintenance of the hardware and
software including some of the service being much older
 The organization mostly utilizes their services to present to their customers
with any organization; however some developers also work from home in the
evening to access the CVS service from their homework station. This can be a
serious threat as there is no way by which the failover of this can be recovered,
and if the disk goes bad, the data would be lost associated with its feels.
 In the administration Department external hackers of compromise on desktop
machines in the past and administration and reasonably confident that the
service is not been compromised yet. How about the organization is entirely
depending on the services offered by it servers, what the mean risk resides in
the compromising of the host as there is no system developed to disable the
hackers. This will make the compromises of data be noticed the match later
stage where damage will already be done.
 The organization do not possess a firewall security system and currently all the
services offered by the servers are accessible via the internet. There is no
email or virus protection in the organization noticed as well. Each employee is
provided with the desktop computer however most of them are running a
vanilla install of Windows like operating system that has not been passed since
its installation. In addition to this every administrator has the privilege of
working in their own workstation but the user can have their accounts on other
employee computers possibly using the same on different password.
 There is no rule about passwords in the organization and it is also known as
that the most common password used in the organization is the name of the
person. The passwords are also indicated of what is used on the server
machines.
Approaches for mitigating security risk and impact of the mitigation processes
on the organization
According to the critical analysis of the entire organization, the following approaches
have been selected as the processes by which the security risks are on the verge of being

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
mitigated. Therefore it is suggested that the following processes are involved within the
system to make sure that there are no risks in pending along with the vulnerability of the
organization regarding its Information Technology system:
 Using insurance to transfer IT risk: This is a mitigating process by which the
organization can transfer the entire it security risk into insurance so that if in
future any kind of threat within the IT security system causes any harm or loss to
the organization it can be recovered by the insurance policy.
 Critical evaluation of the IT security risks in terms of vulnerabilities targeted
by hackers: It is important that all the IT security risks in terms of the
vulnerabilities that has been targeted by the occurs before in the organization is
critically evaluated to find out the main problems that has caused the hackers to
attack the system. Therefore it should be make sure that through this critical
evaluation in the primary problems and vulnerabilities within the organization is
found out to make sure that they do not occur anymore.
 The use of intrusion detection systems, firewalls and vulnerability scanners to
reduce risk: Since the organization does not on any intrusion detection system
like firewalls and vulnerability scanner to reduce the risks of hackers hacking the
system, it is suggested that the organization starts investing in all this intrusion
detection system so that before any risk or cause it is detected by these security
systems so that they do not occur anymore.
 Protection mechanisms: The organization needs to implement protection
mechanism in case of the systems and devices utilized by all the employees within
the organization, especially the developers who happened to access the system
from anywhere. In addition to that the employees in the organization have a very
weak setup of passwords which is not clearly understood as a security system. it is
important that there are proper medication process and protection mechanism is
developed to make sure that the password are made exclusive and there are proper
processes developed to make sure that all these passwords are created in the
proper way in which the hackers would not find it easy to pass through. Along
with that it should also be mentioned that the employees should be divided in such
a way that all the departments do not face lack of employees for which other
employees handling different departments have to come up to provide support to
the particular department.

8COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Rationale for further analysis
There are chances that the organization can further have the impact on the impending
risks that are already creating an impact on the entire system of the organization. Since the
organization is a small scale software company, it can greatly impact the financial systems
and other resources of the organization making the business fail in the near future. this is why
it is required that any further analysis of upcoming risks are done before declaring the risk
management program so that the company would be ready for mitigating on the upcoming
threats and vulnerabilities that the company might face constantly. Along with that it is also
important that the risk assessment is done in a continual manner; so that the organization is
always steer clear of any kind of threats from external sources.
Conclusion
Therefore in conclusion it can be said that the business for this particular small scale
software organization has various impending risks that should be minimized or assessed
through the risk management analysis process so that they do not make the organization more
vulnerable to the external threats as well as the internal threats. Right now the company is at
available position where the operational process can fail due to the various problem that is
also already been detected within the system. proper methodology is followed to find out the
vulnerabilities and the risk that are found within the system along with the goals and key
terms used in the risk management and assessment of IT risks in business terms. In addition
to that the identification and discussion of the three threads has also been explained in this
report with a critical analysis of the various approaches generated for mitigating the security
risks has been described. The processes by which the risk introduced is generated within the
organization are explained in the report along with the critical analysis of the impact of these
risk mitigation processes on the business operation. In the end, there is also a rationale for
identifying any gaps for further analysis that describes why the risk mitigation and
assessment process needs to continue within the operations of the business to make sure that
the business is not being vulnerable to any kind of external threats in the future.

9COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
References
Chockalingam, S., Hadžiosmanović, D., Pieters, W., Teixeira, A., & van Gelder, P. (2016,
October). Integrated safety and security risk assessment methods: a survey of key
characteristics and applications. In International Conference on Critical Information
Infrastructures Security (pp. 50-62). Springer, Cham.
Farland, W., & Dourson, M. (2018). Noncancer health endpoints: approaches to quantitative
risk assessment. In Comparative environmental risk assessment (pp. 87-106). CRC
Press.
Gadyatskaya, O., Harpes, C., Mauw, S., Muller, C., & Muller, S. (2016, June). Bridging two
worlds: reconciling practical risk assessment methodologies with theory of attack
trees. In International Workshop on Graphical Models for Security (pp. 80-93).
Springer, Cham.
Jouini, M., & Rabai, L. B. A. (2016). Comparative Study of Information Security Risk
Assessment Models for Cloud Computing systems. Procedia Computer Science, 83,
1084-1089.
Layton, T. P. (2016). Information Security: Design, implementation, measurement, and
compliance. Auerbach Publications.
Lehmann, J., & Joseph, S. (Eds.). (2015). Biochar for environmental management: science,
technology and implementation. Routledge.
Lund, S. H., Aspelund, T., Kirby, P., Russell, G., Einarsson, S., Palsson, O., & Stefánsson, E.
(2016). Individualised risk assessment for diabetic retinopathy and optimisation of
screening intervals: a scientific approach to reducing healthcare costs. British Journal
of Ophthalmology, 100(5), 683-687.
Mehrjoo, M., & Pasek, Z. J. (2016). Risk assessment for the supply chain of fast fashion
apparel industry: a system dynamics framework. International Journal of Production
Research, 54(1), 28-48.
Sadgrove, K. (2016). The complete guide to business risk management. Routledge.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

10COMPREHENSIVE AND TECHNICAL RISK ANALYSIS
Sandman, P. M. (2017). Environmental risk and the press. Routledge.
Shameli-Sendi, A., Aghababaei-Barzegar, R., & Cheriet, M. (2016). Taxonomy of
information security risk assessment (ISRA). Computers & security, 57, 14-30.
Suter II, G. W. (2016). Ecological risk assessment. CRC press.

1 out of 11

+13062052269

info@desklib.com

COMPREHENSIVE AND TECHNICAL RISK ANALYSIS

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Related Documents

IS/ IT Risk Management Project: The Young Acorn Foundation Assessment 2022

Technical Risk Analysis

Project and Strategic Risk Management

Technical Risk Analysis 2022

Risk Assessment

Designing BYOD Electronic Examinations